SERVPROV Users can Run RIQ and View Other Carriers' Rates
(Doc ID 730073.1)

Last updated on FEBRUARY 25, 2019

Applies to:

Oracle Transportation Management - Version 5.5.03 to 5.5.06 [Release 5.5]Information in this document applies to any platform.
This problem can occur on any platform.

Symptoms

-- Problem Statement:By Default, SERVPROV users can see all domain rates in RIQ. They can gain access to the RIQ by clicking on Ask-OTM -> Rates.

Even if this toolbar is hidden using User Preferences, it can be enabled by clicking on the Arrow in the OTM header.

The default User Role for a Servprov user is SERVPROV. This User Role is assigned the User Level of DEFAULT. This User Level includes the Assign Function: Rate Inquiry.

This gives access to the Rate Inquiry. Since the SERVPROV domain has (by default) access to all rates in all domains, this returns all Service Providers' rates and gives everyone visibility to other carriers' rates.

-- Steps To Reproduce:1. Log into OTM as a SERVPROV user2. Click on the Ask-OTM->Rates3. Run an Rate Inquiry